In-flight Wi-Fi might open hatch to commercial aircraft hackers

Researchers raise awareness that security flaws could leave systems vulnerable to mid-air tampering


It’s chilling to think about the possibility of a cybersecurity breach occurring while in flight.

The enclosed cabin. Heavy wiring of electronics. Flying 30,000 feet above ground.

But apart from a few episodes not fully explained, in-flight electronics have been largely spared from cyber attacks.

Still, a few hack-savvy travelers have been poking around for vulnerabilities in their in-flight Wi-Fi and entertainment systems.


In 2015, a hacker bragged on Twitter that he managed to make a plane he was on climb and move “sideways” after cracking into its in-flight entertainment system, according to an FBI affidavit. The hacker, Chris Roberts, told the FBI that he accessed planes’ computer systems by attaching an ethernet cable to the electronic box placed in some seats.

Ruben Santamarta, IOActive principal security consultant

Ruben Santamarta, principal security consultant at cybersecurity service firm IOActive, also was curious.

During a flight from Warsaw, Poland, to Dubai, United Arab Emirates, two years ago, Santamarta toyed with the in-flight entertainment system and discovered unprotected computer software code.

Proprietary information exposed

Using the visible code, Santamarta went online and found that the system’s firmware updates for multiple major airlines, containing code lines and “binaries,” were publicly available. “There were hundreds of files. And I didn’t download all of them,” he says. “Airlines decide to customize their systems for their own needs. So in a way, they’re exposing something that may be considered intellectual property.”

The discovery prompted IOActive to conduct broader research about the company that produced the in-flight system, Panasonic Avionics. Late last year, IOActive revealed the findings publicly, concluding that the security vulnerabilities in Panasonic Avionics’ in-flight entertainment system, used by a number of major airlines, could allow hackers to take over in-flight displays and, “in some instances, potentially access their credit card information.”

Wild ride

These computer code lines also often contain “entry points” that may give a hacker access to sensitive information within a wider network. A hacker intruding on the wider network and rewriting code potentially could gain control of what passengers experience during the flight, including possibly manipulating altitude or speed information and interactive map routes, seizing PA systems and lighting controls, as well as capturing credit card details available in airlines’ frequent-flier membership data, IOActive says.

“You can use the code and info to look for vulnerabilities,” Santamarta says. “We aren’t (talking about) bringing down the plane but … you can create discomfort. You never know how passengers are going to react to these kinds of situations.”

Panasonic Avionics panned IOActive’s findings. The report contains “a number of inaccurate and misleading statements about Panasonic’s systems,” the company said in a statement. “These misstatements and inaccuracies call into question many of the assertions made by IOActive.”

Clampdown on access

Panasonic removed public access to the firmware update listings directory, Santamarta says. “You can’t browse all those files anymore,” he says. “In their statement, they said they fixed it. We don’t have any reason to doubt those claims.”

Currently, in-flight entertainment systems generally are separated from cockpit systems. But they have been integrated with products from multiple vendors and varying technology standards, an attractive scenario for hackers. In-flight Wi-Fi and mobile devices also have made aircraft electronics even more complex in recent years.

Meanwhile, the Federal Aviation Administration is in the midst of modernizing air traffic control, which now uses radar. Its Next Generation Air Transportation System, or NextGen, would rely on GPS and the internet, triggering serious worries among cybersecurity experts and industry officials.

A survey last year by PricewaterhouseCoopers says 85 percent of airline CEOs expressed concern about cybersecurity risk vs. 61 percent of CEOs in other industries.

Better safe than sorry

The study recommends that airlines take proactive steps to minimize threats by improving customer notification tools and collecting forensic data to identify security weaknesses.

Santamarta says his firm published its research about Panasonic because “we’re always trying to raise awareness of a specific area.”

“We may have a success situation here since the awareness level is raised. The pilots are taking these issues seriously. It’s better to improve security while we can rather than waiting until something happens.”
